How to retrieve a count value ?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
KevinDA
Cheater
Cheater
Posts: 34
Joined: Thu Apr 16, 2020 12:28 pm
Reputation: 0

How to retrieve a count value ?

Post by KevinDA »

Hello, in this example I would like to retrieve and modify the value 30. how do I do it ?

Image

User avatar
Dread_Pony_Roberts
Fearless Donors
Fearless Donors
Posts: 255
Joined: Sun Dec 09, 2018 8:46 am
Reputation: 129

Re: How to retrieve a count value ?

Post by Dread_Pony_Roberts »

I want to help you but you are jumping strait into the deep end. First off, the game you are cheating in is a 64 bit game and they are usually more complicated to deal with. I assume you are still cheating in WWE2K20, which is a very recent AAA game and is thus much more complicated to deal with. The main issue though is that you seem to have started cheating in real games when you hardly have a basic grasp on how assembly coding works.

I would strongly suggest that you do the tutorial, watch beginner tutorials such as this https://www.youtube.com/watch?v=z_5n6vl ... AkmP0NXz_6
Last edited by Dread_Pony_Roberts on Sat May 02, 2020 1:17 am, edited 2 times in total.

User avatar
SunBeam
Administration
Administration
Posts: 2858
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 1972

Re: How to retrieve a count value ?

Post by SunBeam »

LOL. Seeing this is the 3rd or 4th time he's blatantly ignoring any advice everyone has given him so far, I too will ignore any common sense and start randomly posting shit in his topics. He's trying to fucking change a COUNTER. That 30 there is a display counter, it tells you how many times your opcdoe was hit when debugging. It's not a memory value. Please start from the beginning, as already several people told you, so you'd stop making a fool of yourself and giving others the opportunity for mockery. I'll start warning your ass if you continue to ignore us and post another topic.

User avatar
TheyCallMeTim13
Administration
Administration
Posts: 1480
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 736

Re: How to retrieve a count value ?

Post by TheyCallMeTim13 »

Image

Here you go it's "modify" now.

User avatar
kantoboy69
Expert Cheater
Expert Cheater
Posts: 90
Joined: Fri Aug 30, 2019 5:33 am
Reputation: 39

Re: How to retrieve a count value ?

Post by kantoboy69 »

You guys :lol: :lol: :lol: :lol: :lol:

@KevinDA you can't modify that counter but you can check all the registers, and the stack trace (click more info, then the tiny s box]

In xenonauts 2 there is this part of code. This is called by almost any functions that uses the class that inherits it
(e.g. hitpoints, buildpoints, etc). Since the object clone the data, the address of values will always change so
I've found out that it will need to fetch those values somehow and found this.

Code: Select all

Common:Range:get_Value - 48 83 EC 18           - sub rsp,18 { 24 }
Common:Range:get_Value+4- 48 89 4C 24 08        - mov [rsp+08],rcx
Common:Range:get_Value+9- 48 8B C1              - mov rax,rcx
Common:Range:get_Value+c- F3 0F10 40 14         - movss xmm0,[rax+14]
Common:Range:get_Value+11- F3 0F5A C0            - cvtss2sd xmm0,xmm0
Common:Range:get_Value+15- F2 0F5A E8            - cvtsd2ss xmm5,xmm0
Common:Range:get_Value+19- F3 0F11 2C 24         - movss [rsp],xmm5
Common:Range:get_Value+1e- F3 0F10 04 24         - movss xmm0,[rsp]
Common:Range:get_Value+23- F3 0F5A C0            - cvtss2sd xmm0,xmm0
Common:Range:get_Value+27- F2 0F5A C0            - cvtsd2ss xmm0,xmm0
Common:Range:get_Value+2b- 48 83 C4 18           - add rsp,18 { 24 }
Common:Range:get_Value+2f- C3                    - ret 
by analyzing the stack trace and registers I come up with this

Code: Select all

// Get Value MemCode
GetValuenewmem:
  cmp   dword [rsp+0], 232 // QUANTITY_ID
  jne   BuildingPointsCode
  cmp   dword ptr [isFetchSellItem], 1
  jne   ICodeEnds
  mov   dword ptr [isFetchSellItem], 0
  mov   qword ptr [ValueAddr], rcx
  jmp   ICodeEnds
BuildingPointsCode:
  cmp   dword [rsp+0], 1d1 // BUILDINGPOINTS_ID
  jne   ResearchPointsCode
  mov   qword ptr [BuildingPointsAddr], rcx
  jmp   ICodeEnds
ResearchPointsCode:
  cmp   dword [rsp+0], 246 // RESEARCHPOINTS_ID
  jne   EngineerPointsCode
  mov   qword ptr [ResearchPointsAddr], rcx
  jmp   ICodeEnds
EngineerPointsCode:
  cmp   dword [rsp+0], 1e7 // ENGINEERINGPOINTS_ID
  jne   ProgressPointsCode
  mov   qword ptr [EngineerPointsAddr], rcx
  jmp   ICodeEnds
ProgressPointsCode:
  cmp   dword [rsp+0], 22a // PROGRESSPOINTS_ID
  jne   GeoTimerCode
  mov   qword ptr [ProgressPointsAddr], rcx
  jmp   ICodeEnds
GeoTimerCode:
  cmp   dword [rsp+208], 20a
  jne   ICodeEnds
EngineerWorkForceCode:
  cmp   dword [rsp+c0], 1e6 // Engineer work force
  je    WorkForceCode
ScientistWorkForceCode:
  cmp   dword [rsp+c0], 245 // Scientist work force
  je    WorkForceCode
  jmp   ICodeEnds
WorkForceCode:
  mov   qword ptr [tmpvar1], rbx
  mov   ebx, (float)100
  mov   dword ptr [rcx+14], ebx
  mov   rbx, qword ptr [tmpvar1]
  jmp   ICodeEnds
//testcode:
//  cmp   dword [rsp+0], 2
//  jle   ICodeEnds
//  jmp   ICodeEnds
//testcode2:
//  nop
ICodeEnds:
GetValuecode:
  mov   rax,rcx
  movss xmm0,[rax+14]
  jmp   GetValuereturn
  
The // remarks with ID's are values in specific stack that fetch those specific values.

This one [isFetchSellItem] is a registered symbol set from another aa script before that uses get_value
So I set it to 1 every time that specific code will use get_value to modify that address then after it uses it, set it back to 0.
Hence I have now the address of quantity value's base address.

By back-tracking/tracing using stack result on "Following opcode access"
You can check for what to look for in stack that leads to your expected result

Also base on your example, you can use "set breakpoint condition" like this (right click on the debug break point then click that)
RBX == 180CA1ABDA0
Your watched address is 180CA1B4BA0 the code is RBX+8e00 hence RBX-8e00 is 180CA1ABDA0

So you need a lot of patience and basic Assembly language understanding if you really want it :D
Although logic flow in asm is top down then it will also be challenging

Post Reply

Who is online

Users browsing this forum: No registered users